Showing results for 
Search instead for 
Did you mean: 

Securing login credentials for SAP .Net Connector

Former Member
0 Kudos

I have a .Net client application that connects to SAP and reads data provided by a BAPI. It is working fine but I am trying to answer question whether the username and password i am sending over to connect to SAP are actually sent in plain text or encrypted somehow. I couldn't find any reference for that in documentation of classes RfcConfigParameters and RfcDestinationManager.

I'm using code similar to the following:

//Set all connection parameters including user name and password in RfcConfigParameters object


RfcDestination destination = RfcDestinationManager.GetDestination(CON_NAME);

If it is true that credentials are sent as plain text, is there a more secure alternative?

Thank you


Accepted Solutions (0)

Answers (1)

Answers (1)

Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Sameh,

the credentials are not sent in plain text, but also not encrypted, only obfuscated. That's similar to HTTP, where it's also not plain text, but some encoded variant of user PW. In order to protect your credentials, it is highly recommended to encrypt the line by using an SNC implementation in your environment. Alternatively, yuo could use SAP assertion tickets, but it is also not that easy to use them within a .NET environment. Last but not least, when already using SNC, you could use X.509 certificates or some other means for logon. (See also EXTID documentation in NCo programming guide) This requires a trust relationship between the ABAP system and the .NET application.

Best regards,